Re: [squid-users] transparent proxy by URL?

From: Jordi Prats <jordi.prats_at_gmail.com>
Date: Mon, 4 Aug 2008 14:12:26 +0200

On Mon, Aug 4, 2008 at 2:00 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> Jordi Prats wrote:
>>
>> On Mon, Aug 4, 2008 at 1:33 PM, Amos Jeffries <squid3_at_treenet.co.nz>
>> wrote:
>>>
>>> Jordi Prats wrote:
>>>>
>>>> Hi all,
>>>> I have a transparent proxy using iptables+squid. Is it possible to
>>>> instruct squid to proxy only if the URL does not contain a given
>>>> string?
>>>>
>>>> For example, if you try to access
>>>> http://lol.example.com/ALLOWEDSTRING/page.html through squid, it
>>>> should allow direct access.
>>>>
>>>> Anyone have a setup like this?
>>>
>>> Once the request has reached Squid it's impossible to stop it reaching
>>> Squid.
>>
>> So, how can it be configured as invisible as possible? I'm trying to
>> set up a honeyspot using squid to analyze HTTP data.
>>
>
> Okay.
> Two questions to help me out with my suggestions:
>
> Exactly what type of helper software are you using to do the analysis?
> (by helper style I mean: ICAP scanner, redirector capture, log analysis,
> etc.)

I've set up a gateway to NAT all allowed traffic, except traffic that
goes to port 80, which I redirect to squid (from iptables):

   86 4128 REDIRECT tcp -- eth3 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128

By now, I'm using a squid log analysis tool to extract a navigation
history. (It's enough for me)

> ... and why do you need to exclude certain requests?
> (known good sources, from the helper software itself, etc?)

I need to exclude requests to any URL that contains a string like
"proxytest" to hide my proxy because recently I've seen this URL in
squid's access log:

http://blablabla/proxytest/blablabla

If it's not possible to skip this type of request, could you please
give me any hints on how to set up squid as transparent as
possible?

regards,

>>
>>> What you need is a WPAD/PAC setup for client browsers.
>>>
>>> Though there is really no good reason why you can't just proxy straight
>>> through for all HTTP requests. The limit usually comes down to broken web
>>> server apps.
>>>
>>> Amos
>
>
>
> Amos
> --
> Please use Squid 2.7.STABLE3 or 3.0.STABLE8
>

-- 
Jordi
Received on Mon Aug 04 2008 - 12:12:28 MDT
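
Added example (not part of the original message and not Squid project code): a log-analysis sketch for the setup described above, building a per-client navigation history from access.log and flagging requests whose URL contains a marker such as "proxytest". It assumes Squid's default native log format; the sample lines, addresses and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1217851946.120    230 192.0.2.10 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/198.51.100.5 text/html
1217851950.480     95 192.0.2.10 TCP_MISS/404 310 GET http://probe.example.net/proxytest/check.html - DIRECT/198.51.100.9 text/html
1217851951.002     40 192.0.2.22 TCP_HIT/200 880 GET http://www.example.org/logo.png - NONE/- image/png
this line is truncated
"""

# Substring taken from the thread; add others seen in your own logs.
MARKERS = ("proxytest",)


def parse_line(line):
    """Parse one native-format line; return None if it is malformed."""
    fields = line.split()
    if len(fields) < 10 or "/" not in fields[3]:
        return None
    try:
        ts = float(fields[0])
    except ValueError:
        return None
    code, _, status = fields[3].partition("/")
    return {"ts": ts, "client": fields[2], "code": code,
            "status": status, "method": fields[5], "url": fields[6]}


def analyze(text, markers=MARKERS):
    """Return (history, probes): URLs per client, and marker hits."""
    history = defaultdict(list)
    probes = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip truncated or foreign-format lines
        history[rec["client"]].append((rec["ts"], rec["url"]))
        if any(m in rec["url"].lower() for m in markers):
            probes.append(rec)
    return history, probes


if __name__ == "__main__":
    hist, hits = analyze(SAMPLE_LOG)
    for rec in hits:
        print("possible proxy probe:", rec["client"], rec["method"], rec["url"])
    for client, visits in sorted(hist.items()):
        print(client, [url for _, url in visits])
```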
